VYPR

iOS Xr Software

by Cisco Systems, Inc.

CVEs (285)

  • CVE-2021-1243MedFeb 4, 2021
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is…

  • CVE-2020-3364MedJun 18, 2020
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit…

  • CVE-2019-15998MedNov 26, 2019
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a…

  • CVE-2019-1842MedJun 5, 2019
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when…

  • CVE-2019-1711MedApr 17, 2019
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker…

  • CVE-2018-0286MedMay 2, 2018
    risk 0.35cvss 5.3epss 0.03

    A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf…

  • CVE-2017-12355MedNov 30, 2017
    risk 0.35cvss 5.3epss 0.03

    A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief…

  • CVE-2017-12211MedSep 7, 2017
    risk 0.35cvss 5.3epss 0.02

    A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker…

  • CVE-2025-20316MedSep 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. This vulnerability is due to the flooding…

  • CVE-2025-20293MedSep 24, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. …

  • CVE-2025-20159MedSep 10, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management…

  • CVE-2024-20373MedNov 15, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it…

  • CVE-2024-20390MedSep 11, 2024
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets.…

  • CVE-2018-0196MedMar 28, 2018
    risk 0.32cvss 4.9epss 0.01

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that…

  • CVE-2025-20137MedMay 7, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the…

  • CVE-2019-1758MedMar 28, 2019
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in 802.1x function of Cisco IOS Software on the Catalyst 6500 Series Switches could allow an unauthenticated, adjacent attacker to access the network prior to authentication. The vulnerability is due to how the 802.1x packets are handled in the process path. An…

  • CVE-2023-20064MedMar 9, 2023
    risk 0.30cvss 4.6epss 0.00

    A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion…

  • CVE-2017-12289MedOct 19, 2017
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec…

  • CVE-2025-20151MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to…

  • CVE-2022-20846MedNov 15, 2024
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer…